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Justice Graduate Program at Eastern Kentucky 
University. Thirty hours of graduate study and 
certain prerequisite courses or equivalents must be 
satisfied to complete the program. 

The program incorporates the areas of security, 
fire prevention and control, and safety. Courses 
required are: Loss Prevention Auditing, Criminal 


Law, Risk Management, Research Methodology, 
Theories of Crime, College Teaching, Thesis or 
Electives. 

Inquire of Dr. Bill Tillett, Chairman, Depart- 
ment of Security, College of Law Enforcement, 
Eastern Kentucky University, Richmond, KY 
40475. 


LITERATURE 


COST EFFECTIVE AND PRACTICAL 
COMPUTER SECURITY MEASURES 


“Quantifying Computer Security Risks and 
Safeguards: An Actuarial Approach,” an article in 
the October 1982 issue of information age (Butter- 
worth & Co. ((Publishers)) Ltd.), presents a com- 
promise solution to the problem of providing 
security that is both cost effective and practical 
and that will be acceptable to the corporate objec- 
tive of prudent loss control and effective security 
management. 

The two broad areas of potential loss of use of 
the computer are classified as: 1) physical 
damage—natural hazards of fire, flood, arson, van- 
dalism; and 2) system interference—fraud, sabo- 
tage, privacy breaches, equipment breakdown, 
errors and omissions. 

To assess risks, the likelihood or frequency of 
occurrence and the severity of loss are examined. 
In risk likeiinood, fcur probability ratings are 
ascribed: improbable—most unlikely to happen; 
remote—unlikely under normal circumstances; 
possible—a reasonable change of occurrence; 
probable—very likely to happen. In loss severity, 
four categories are also given: low—the loss is 
insignificant; medium—the loss could cause a pro- 
biem with the company’s cash flow; high—loss 
could lead to a deficit in trading; catastrophic—the 
company could go under. 

To look at the options for risk control, the 


paper considers: 1) risk retention—a conscious 
decision to absorb a risk (e.g., replacement of 
damaged magnetic tapes through normal wear and 
tear); 2) risk transfer—transferring risks from one 
party to another (e.g., using an insurance company 
to protect from catastrophic losses); 3) positive 
action—implemented through installation of pro 
tection equipment and software, appointment of 
contro! and security personnel, setting up control 
and reporting procedures or providing security 
training to improve general awareness of risks and 
taking effective action to minimize losses. 

To obtain the best value for money when 
budgeting for security and insurance, the article 
suggests addressing the following issues: 


1) What is an acceptable level of risk to the 
company? 


2) What security measures will attract a dis 
count on premiums? 


3) Are there additional benefits associated with 
the proposed countermeasures? 


4) Are there any hidden pitfalls in computer 
insurance? 


5) How to work out the trade off between 
security and insurance? 


INDEX TO BOOKS AND MONOGRAPHS REVIEWED IN VOLUME 14 
(Numbers following each entry indicate volume and page.) 


Bahr, Alice Harrison, Book Theft and Library Security 
Systems, 3, 11 

Bank Administration Institute, /mp/ementing Data Security 
in Financial Institutions, 10, 8 

Bank Administration Institute, System Software Security, 
10,8 


Barnard, Robert L., /ntrusion Detection Systems: Principles 
of Operation and Applications, 5, 10 

Bavis, Keagle W. and William E. Perry, Auditing Computer 
Applications: A Basic Systems Approach, 9,7 

Behavioral Science and the Secret Service: Toward the Pre 
vention of Assassination, 8, 7 
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